iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Martin Willi 5617c6cd6f nl80211: Allow privileged operations from user namespaces 
While a wiphy can be transferred to network namespaces, a process having
CAP_NET_ADMIN in a non-initial user namespace can not administrate such
devices due to the genetlink GENL_ADMIN_PERM restrictions.

For openvswitch having the same issue, a new GENL_UNS_ADMIN_PERM flag has
been introduced, commit 4a92602aa1cd ("openvswitch: allow management from
inside user namespaces"). This patch changes all privileged operations
operating on a wiphy, dev or wdev to allow their administration using the
same mechanism. All operations use either NEED_WIPHY, NEED_WDEV or
NEED_NETDEV, which implies a namespace aware lookup of the device. The only
exception is NL80211_CMD_SET_WIPHY, which explicitly uses a namespace aware
phy lookup.

Signed-off-by: Martin Willi <martin@strongswan.org>
[also allow cancel scan, for completeness]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-05-31 11:36:34 +02:00
..
6lowpan
6lowpan: move mac802154 header
2016-04-13 10:41:10 +02:00
9p
net/9p: convert to new CQ API
2016-03-10 20:54:09 -05:00
802
8021q
vlan: propagate gso_max_segs
2016-03-17 21:05:01 -04:00
appletalk
appletalk: fix erroneous return value
2016-02-18 14:59:34 -05:00
atm
treewide: replace dev->trans_start update with helper
2016-05-04 14:16:49 -04:00
ax25
ax25: add link layer header validation function
2016-03-09 22:13:01 -05:00
batman-adv
batman-adv: use batadv_compare_eth when possible
2016-05-10 18:28:54 +08:00
bluetooth
Bluetooth: fix power_on vs close race
2016-05-13 16:50:23 +02:00
bridge
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-09 15:59:24 -04:00
caif
net: caif: fix misleading indentation
2016-03-14 13:09:50 -04:00
can
sock: enable timestamping using control messages
2016-04-04 15:50:30 -04:00
ceph
libceph: make authorizer destruction independent of ceph_auth_client
2016-04-25 20:54:13 +02:00
core
net: also make sch_handle_egress() drop monitor ready
2016-05-16 14:02:44 -04:00
dcb
net/dcb: make dcbnl.c explicitly non-modular
2015-10-09 07:52:27 -07:00
dccp
dccp: do not assume DCCP code is non preemptible
2016-05-02 17:02:25 -04:00
decnet
decnet: Do not build routes to devices without decnet private data.
2016-04-10 23:01:30 -04:00
dns_resolver
KEYS: Add a facility to restrict new links into a keyring
2016-04-11 22:37:37 +01:00
dsa
dsa: Rename switch chip data to cd
2016-05-11 19:36:28 -04:00
ethernet
eth: Pull header from first fragment via eth_get_headlen
2016-02-24 13:58:05 -05:00
hsr
net/hsr: Use setup_timer and mod_timer.
2016-05-16 14:00:43 -04:00
ieee802154
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
2016-04-26 13:15:56 -04:00
ipv4
tcp: minor optimizations around tcp_hdr() usage
2016-05-16 13:46:23 -04:00
ipv6
tcp: minor optimizations around tcp_hdr() usage
2016-05-16 13:46:23 -04:00
ipx
irda
treewide: replace dev->trans_start update with helper
2016-05-04 14:16:49 -04:00
iucv
af_iucv: Validate socket address length in iucv_sock_bind()
2016-01-19 14:21:08 -05:00
kcm
kcm: Add receive message timeout
2016-03-09 16:36:15 -05:00
key
af_key: fix two typos
2015-10-23 03:05:19 -07:00
l2tp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-04 00:52:29 -04:00
l3mdev
net: l3mdev: Allow send on enslaved interface
2016-05-09 22:33:52 -04:00
lapb
llc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-09 15:59:24 -04:00
mac80211
Some more work for 4.7, notably:
2016-05-12 11:46:58 -04:00
mac802154
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2016-03-19 10:05:34 -07:00
mpls
GSO: Add GSO type for fixed IPv4 ID
2016-04-14 16:23:40 -04:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-15 13:32:48 -04:00
netlabel
netlabel: fix a problem with netlbl_secattr_catmap_setrng()
2016-04-05 16:10:47 -04:00
netlink
netlink: Fix dump skb leak/double free
2016-05-16 22:05:15 -04:00
netrom
nfc
nfc: nci: Add nci_nfcc_loopback to the nci core
2016-05-04 01:48:16 +02:00
openvswitch
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-15 13:32:48 -04:00
packet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-04-23 18:51:33 -04:00
phonet
sock: struct proto hash function may error
2016-02-11 03:54:14 -05:00
qrtr
Merge tag 'qcom-soc-for-4.7-2' into net-next
2016-05-17 14:11:19 -04:00
rds
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-04 00:52:29 -04:00
rfkill
rfkill: Use switch to demux userspace operations
2016-04-05 10:48:53 +02:00
rose
rxrpc
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2016-05-19 09:21:36 -07:00
sched
net_sched: close another race condition in tcf_mirred_release()
2016-05-17 12:40:28 -04:00
sctp
sctp: prepare for socket backlog behavior change
2016-05-02 17:02:26 -04:00
sunrpc
sunrpc: set SOCK_FASYNC
2016-05-13 01:43:52 -04:00
switchdev
switchdev: pass pointer to fib_info instead of copy
2016-05-17 13:58:49 -04:00
tipc
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2016-05-17 17:05:30 -07:00
unix
constify security_path_{mkdir,mknod,symlink}
2016-03-28 00:47:27 -04:00
vmw_vsock
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-09 15:59:24 -04:00
wimax
wireless
nl80211: Allow privileged operations from user namespaces
2016-05-31 11:36:34 +02:00
x25
net: fix a kernel infoleak in x25 module
2016-05-09 22:45:33 -04:00
xfrm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-09 15:59:24 -04:00
compat.c
Kconfig
bpf: add generic constant blinding for use in jits
2016-05-16 13:49:32 -04:00
Makefile
net: Add Qualcomm IPC router
2016-05-08 23:46:14 -04:00
socket.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2016-05-17 16:26:30 -07:00
sysctl_net.c
net: sysctl: fix a kmemleak warning
2015-10-23 06:22:08 -07:00